
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/910,987
FILING DATE: 07/23/2001
FIRST NAMED INVENTOR: Yihsiu Chen
ATTORNEY DOCKET NO.: 2000-0183
CONFIRMATION NO.: 3520

7590 12/15/2005

Samuel H. Dworetsky
AT&T CORP.
P.O. Box 4110
Middletown, NJ 07748-4110

EXAMINER: ZHONG, CHAD
ART UNIT: 2152
PAPER NUMBER:

DATE MAILED: 12/15/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 09/910,987
Applicant(s): CHEN ET AL
Examiner: Chad Zhong
Art Unit: 2152

-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 19 May 2003.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-20 is/are pending in the application.
4a) Of the above claim(s) ____ is/are withdrawn from consideration.
5) [ ] Claim(s) ____ is/are allowed.
6) [X] Claim(s) 1-20 is/are rejected.
7) [ ] Claim(s) ____ is/are objected to.
8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers

9) [X] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. ____.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

1. Claims 1-20 are presented for examination.

2. It is noted that although the present application does contain line numbers in specification and
claims, the line numbers in the claims do not correspond to the preferred format. The preferred format is
to number each line of every claim, with each claim beginning with line 1. For ease of reference by both
the Examiner and Applicant all future correspondence should include the recommended line numbering.

3. Applicant is required to update the status (pending, allowed, etc.) of all parent priority 
applications in the first line of the specification. The status of all citations of US filed 
applications in the specification should also be updated where appropriate. 

4. The specification is objected to because of the following: current US patent policy does
not permit the use of hyperlinks in the specification. Such links are directed to an Internet site,
the contents of which are subject to change without notice. Therefore, the potential for inclusion
of new matter would be a constant problem. See page 15, for example. Correction is required throughout
the entire application.

5. The use of the trademarks Microsoft, Apple, among others, has been noted in this application (pg
9 for example). They should be capitalized wherever they appear and be accompanied by the generic
terminology. Appropriate correction is required throughout the entire application.

6. The listing of references in the specification is not a proper information disclosure statement. 37 
CFR 1.98(b) requires a list of all patents, publications, or other information submitted for consideration 
by the Office, and MPEP § 609.04(a) states, "the list may not be incorporated into the specification but 
must be submitted in a separate paper." Therefore, unless the references have been cited by the examiner
on form PTO-892, they have not been considered.
Specifically, references on pg 2, 4, 6, 12, 15, 16, among others, are not currently submitted as part of the IDS; in addition,
Applicant needs to apply the foregoing throughout the entire specification.

Claim Rejections - 35 USC § 102

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who has 
fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention thereof by
the applicant for patent. 

9. Claims 1-10, and 16 are rejected under 35 U.S.C. 102(e) as being anticipated by Pao et al. 
(hereinafter Pao), US 6,694,437. 

10. As per claim 1, Pao teaches a network interface unit for communicating data packets over a
non-secure network between client devices on a local area network (LAN) and an access node for a 
secure virtual private network (VPN) comprising: 

means for authenticating at least one of said client devices seeking to access said VPN, thereby 
establishing at least one authenticated client device (Col. 3, lines 1-7, wherein at least one user
authenticates with ID controller 362),

a configuration server for sending configuration information to said at least one authenticated client 
device (Col. 3, lines 5-15, where the user performed authentication with the ID controller 362, and an IP 
address is assigned to the user by the access concentrator 31, i.e. in this embodiment, configuration
information is the IP address; Col. 3, lines 22-35, service provider 37 sends choices of services which
user can select, i.e. configuration information in this embodiment are the choices of services),

a GUI server for presenting at least one menu to at least selected authenticated client devices (Col. 3, 
lines 20-35, wherein the GUI server is the service provider, the service provider provides on-demand 
services for user 34 to choose; Col. 3, lines 57-61, on demand menu for the dial-up user to choose), 

means for receiving at least a first message reflecting selections from said at least one menu (Col. 3, 
lines 25-35, user can select non-VPN or VPN oriented services and directed to the appropriate locations 
according to his/her choice), and 

means for accessing said non-secure network using information in said at least a first message 
(Col. 3, lines 23-27, non-VPN services are interpreted as running on non-secure network, user has access 
to those services if he/she so chooses), and 

a security server for establishing a secure connection over said non-secure network between said 
LAN and said access node (Col. 3, lines 30-35, where the user has the option to establish secure VPN 
communications with the VPN server if he/she so chooses). 

9. As per claim 2, Pao teaches: 

a memory for storing configuration information for at least one client device (Col. 3, lines 33-35, user 
information is implicitly saved on the controller/concentrator side to save time of establishing session 
with the VPN server), and 

means for retrieving configuration information for at least selected ones of said client devices from 
said memory upon subsequent authentication of said at least one client device (Col. 3, lines 33-35, lines 
65-67, where the stored information from the first LCP negotiation is used upon subsequent 
authentication to the VPN server services). 

10. As per claim 3, Pao teaches: 

said configuration information for each authenticated client device comprises information received on 
behalf of each of said client devices upon an initial authenticating of respective ones of said client devices
(Col. 3, lines 13-16, lines 23-27, where the IP address and the selection of services are both received from 
another network device). 

11. As per claim 4, Pao teaches: 

at least one of said client devices is a computer, and wherein said information received on behalf of a 
client device is received from one of said computers (Fig. 30, item 30, 34, 35 are all computers, item 30 is 
the logic that's running on the Internet Service Provider (ISP) side). 

12. As per claim 5, Pao teaches 

said information received on behalf of a first computer is received from said first computer (Col. 3, 
lines 22-27, where the users choose the services that are presented to them). 

13. As per claim 6, Pao teaches: 

the network interface unit of claim 1 wherein said configuration information for each authenticated 
client comprises information related to connections to said non-secure network (Col. 3, lines 25-26, 
information related to non-VPN services are information related to connection to non-secure network). 

14. As per claim 7, Pao teaches: 

said information related to a connections to said non-secure network comprises information relating 
to at least one dial-up connection (Col. 2, lines 25-32, dial-up connection can request a non-VPN /
non-secure connection).

15. As per claim 8, Pao teaches 

said information related to at least one dial-up connection comprises information relating to at least 
one customized dial-up connection (Col. 3, lines 5-10, wherein the dial-up packets are customizable, with 
varying source addresses, rights, user ID, and passwords), said information relating to each of said
customized dial-up connections comprising a customized dial-up string of characters to control a dial-up
modem connection to said non-secure network (Col. 3, lines 5-10, lines 20-27, customized packets are
forwarded to the non-VPN services upon user selection, string of characters are implicitly taught in Pao as
user gets to choose the type of services. Since the user needs to read the choices in order to make the
choice, a string of characters in natural language is inherent).

16. As per claim 9, Pao teaches: 

said information related to connections to said non-secure network comprises information relating to 
at least one connection having a fixed IP address (Col. 3, lines 4-6, where the source address is original 
and fixed). 

17. As per claim 10, Pao teaches

said information related to connections to said non-secure network comprises information relating to 
at least one connection having a temporary IP address (Col. 3, lines 13-15, where a new network address
is assigned to remote user by access concentrator; Col. 3, lines 35-40, where a new address is assigned to
the user so that access to remote services in the VPN server). 

18. As per claim 16, Pao teaches: 

said means for authenticating comprises means for comparing client ID and password information 
received from a client device with information stored at said network interface unit (Col. 3, lines 30-35, 
interface unit or the LCP controller 381 utilizes previously stored user information from the first LCP 
negotiation, which comprises of source address, rights, user ID, and password, in order to establish 
connections in a short time). 

Claim Rejections - 35 USC § 103

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such 
that the subject matter as a whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 

20. Claims 11-15, and 17-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Pao, as
applied to claim 1, 2, 6, 10 above, in view of what was well known in the art (hereinafter Well-Known). 

21. As per claims 11 and 12, Pao discloses the invention substantially as rejected in claim 10 above, but
does not teach DHCP server/client. However, Official Notice is taken (see MPEP 2144.03) DHCP 
server/client was well known and routinely used for automatically assigning IP addresses within the VPN 
environment. It would have been obvious to one of ordinary skill in the art to include DHCP server with 
Pao because it would provide for additional efficiency, by allowing to reuse existing address pool 
assignment facilities so that compatibility and integration with existing addressing implementations and 
IP address management software is assured. 

22. As per claim 13, Pao discloses the invention substantially as rejected in claim 6 above, but does
not teach information relating to at least one point-to-point over Ethernet (PPPoE) connection. However,
Official Notice is taken (see MPEP 2144.03) PPPoE was well known and routinely used for
authentication purposes within VPN network. It would have been obvious to one of ordinary skill in the
art to include PPPoE connection with Pao because it would provide for added security, by using per
session authentication based on Password Authentication Protocol (PAP) or Challenge Handshake
Authentication Protocol (CHAP) will overcome security hole in a bridging architecture.

23. As per claim 14, Pao discloses the invention substantially as rejected in claim 2 above, but does
not teach a removable memory module. However, Official Notice is taken (see MPEP 2144.03) 
removable memory module was well known and routinely used for mobility and backup purposes. It 
would have been obvious to one of ordinary skill in the art to include removable storage with Pao because 
it would provide for mobility and ability to back up of data files on swappable memories. 

24. As per claim 15, Pao - Well-Known discloses the invention substantially as rejected in claim 14
above, but does not teach storing additional information comprising web pages for presentation by said
GUI server. However, Official Notice is taken (see MPEP 2144.03) storing of web pages for presentation
by a GUI server was well known and routinely used for mobility and backup purposes. It would have
been obvious to one of ordinary skill in the art to include storing of web pages for presentation by a GUI
server within a removable storage with Pao - Well-Known because it would provide for mobility and
ability to back up of data files on swappable memories.

25. As per claim 17, Pao teaches a network interface unit for communicating data packets over a
non-secure network between client devices on at least one local area network (LAN) and at least one 
access node of a secure virtual private network (VPN) comprising: 

means for receiving data packets from said client devices by way of said LANS (Col. 3, lines 5-7, 
lines 30-40, where authentication information is sent from the user to establish communications with 
VPN server), 

means for multiplexing said data packets into at least one packet data stream (Col. 3, lines 5-7, 
wherein packet stream comprises authentication information, i.e. source address, rights, user ID, and 
password), 

a security server for modifying said packet data streams in accordance with a secure communications 
protocol by encrypting packets in said data streams and encapsulating resulting encrypted packets
(Col. 1, lines 40-45, where the packets are encrypted and encapsulated using PPTP protocol, packets 
encrypted are sent to Access Concentrator), 
Pao does not explicitly teach: 

a DNS server for providing network destination address information for at least selected ones of said 
data streams. 

Official Notice is taken (see MPEP 2144.03) DNS server for address assignment was well known and 
routinely used for address resolutions and assignments. It would have been obvious to one of ordinary 
skill in the art to include DNS server with Pao because it would provide for ease of configuration and 
ability to accurately reach destination, by assigning address assignment and resolution through DNS 
server users are able to locate and access target nodes. 

26. As per claim 18, Pao - Well-Known discloses the invention substantially as rejected in claim 17
above, but does not teach an IPsec server. However, Official Notice is taken (see MPEP 2144.03) IPsec
server was well known and routinely used for security authentication purposes in a tunnel environment. It
would have been obvious to one of ordinary skill in the art to include IPsec server with Pao - Well-Known
because it would provide for additional level of security, by choosing authentication mechanisms
such as the PreSharedKey, making it difficult for the attacker to attack middle nodes.

27. As per claim 19, Pao - Well-Known discloses the invention substantially as rejected in
claim 17 above, including: 

said security server further comprising a firewall for filtering out packets in said streams of received 
packets that are not from said VPN network (Col. 3, lines 25-40, wherein there exists a traffic filter, i.e.
LCP controller, which filters out packets that are non-VPN services vs packets that are part of the VPN
server communications and routes/sends the packets to their corresponding destinations, thus, LCP controller
is functionally equivalent to a firewall),

said security server further comprising means for modifying said packets in said at least one stream 
by decrypting said packets in said at least one received data stream and decapsulating resulting decrypted 
packets (Pao, Col. 3, lines 10-15, wherein the network control protocol controller 363 decrypts the 
packets to get the network address and service request information from packets, additionally, 
decapsulation is inherently taught in Pao, due to previous encapsulation of packets in Col. 1, lines 40-45, 
any decryption or access of packet information inherently requires decapsulation of the data packets 
because the packets were sent to the link and physical layer prior to arriving at the controller), 

means for demultiplexing said at least one stream of received data packets to form at least one 
demultiplexed stream of data packets for delivery to said at least one LAN (Pao, Col. 3, lines 10-15, lines 
25-40, where the user request which are multiplexed as part of a request are routed to the proper target, 
whether they are VPN or non-VPN related, examiner will interpret demultiplexing as a way to 
differentiate/sort out the target node of user's request of service, Fig 4 of applicant's specification 
supports this interpretation). 

28. As per claim 20, Pao - Well-Known discloses the invention substantially as rejected in
claim 19 above, including: 

receiving packets from authenticated client devices at said network interface device are processed as 
packets received from said VPN (Pao, Col. 3, lines 30-37). 

Conclusion 

29. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The following patents and publications are cited to further show the state of the art with respect to 
"SYSTEM FOR AUTOMATED CONNECTION TO VIRTUAL PRIVATE NETWORKS RELATED
APPLICATIONS". 



i. US 6577642, Fijolek et al.
ii. US 2002-0133722, Levanon et al.
iii. US 2003-0004859, Shaw et al.
iv. US 2003-0055652, Nichols et al.



Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Chad Zhong whose telephone number is (571)272-3946. The examiner can normally be 
reached on M-F 7:15 to 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
JAROENCHONWANIT, BUNJOB can be reached on (571)272-3913. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). 




